Data Protection Declaration

The GFZ takes the protection of personal data very seriously. The GFZ is bound to protect the privacy of everyone who uses its website and to treat any personal data provided in the strictest confidence. This data is used solely for the purposes indicated in each case and is not forwarded to any third party.

I. Name and address of controller

The data controller as defined in the General Data Protection Regulation, the national data protection laws of other EU member states, and other data protection regulations is:

Helmholtz Centre Potsdam – German Research Centre for Geosciences GFZ
Telegrafenberg 
14473 Potsdam 
Germnay
Phone: +49 331 288 0 
Website: https://www.gfz-potsdam.de

II. Name and address of data protection officer

The controller’s data protection officer is:

Marko Blau 
Telegrafenberg 
14473 Potsdam 
Germany
Phone: +49 331 288 1052 
E-Mail: datenschutzbeauftragter@gfz-potsdam.de

III. General information on data processing

1. Scope of personal data processing
In general, the GFZ only processes personal data collected from users insofar as this is necessary to provide a functional website with the relevant content and services. As a rule, personal data provided by users is only processed with the respective user's consent. Exceptions apply in cases where the user’s prior consent cannot be obtained on factual grounds and statutory regulations permit the processing of personal data.

2. Legal basis for the processing of personal data
Art. 6 no. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis when the GFZ obtains a data subject's consent to the processing of his/her personal data.

Art. 6 no. 1 lit. b GDPR serves as the legal basis when processing personal data for the performance of a contract to which the data subject is a party. The same applies to any processing measures that are required if steps are to be taken before entering into a contract.

Art. 6 no. 1 lit. c GDPR serves as the legal basis when the processing of personal data is necessary for compliance with a legal obligation to which the GFZ is subject.

Art. 6 no. 1 lit. f GDPR serves as the legal basis when processing is necessary to safeguard the legitimate interests of the GFZ or a third party, and provided these legitimate interests are not outweighed by the data subject’s interests and fundamental rights and freedoms.

3. Data erasure and storage period
The data subject's personal data is erased or blocked as soon as the purpose for which it was stored ceases to apply. Personal data may also be stored if so specified by European or national legislators in EU regulations, laws or other provisions to which the data controller is subject. In such instances, personal data is blocked or erased when a retention period specified in any of the above-named legislation expires, unless it has to be retained for longer in order to conclude or execute a contract.

IV. Provision of website and generation of log files

1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the accessing computer system.

The following information is stored in the web server’s log files:

  • the client's IP address
  • the user’s ID, if the request requires the user to register
  • the date and time of the request
  • the client’s specific request, including the HTTP method, HTTP protocol version, and the path of the resource requested
  • the status code sent back to the client by the server
  • the size of the resources requested
  • the URL of the website from which the user accessed the current web page or file
  • the client program identifier

This data is also stored in our system’s log files. However, it is not stored together with other personal data collected from the user.

The legal basis for the temporary storage of this data is Art. 6 no. 1 lit. f GDPR.

2. Purpose of data processing
This data is used to optimise website use, correct errors, and safeguard the security of our information technology systems. Data collected in this context is not evaluated for marketing purposes.

The above-named purposes also constitute the GFZ’s legitimate interest in processing the data pursuant to Art. 6 no. 1 lit. f GDPR.

3. Storage period
The data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. Log files are deleted within 7 days maximum.

4. Right to object and right to erasure
The collection of data for website provision and the storage of data in log files are absolutely essential to the operation of the website. The user is therefore unable to assert any right to object in this context.

V. Use of Cookies

1. Description and scope of data processing
The ESKP website uses cookies. Cookies are text files stored in the user’s web browser or by the web browser on the user’s computer system. Whenever a user accesses a website, a cookie can be stored on that user's operating system.

ESKP uses cookies to make the website more user-friendly. Some elements on the ESKP website require the accessing browser to be identified after the user has moved to another web page.

2. Legal basis for data processing 
The legal basis for the processing of personal data using cookies is Art. 6 no. 1 lit. f GDPR.

3. Purpose of data processing
The use of technically necessary cookies is intended to simplify website use. Some of the functions on our website cannot be provided unless cookies are enabled. In these cases, it is essential that the browser is also recognised after accessing another page.

The user data collected by these technically necessary cookies is not used to generate user profiles.

4. Storage period, right to object and right to erasure
Cookies are stored on the user's computer, from where they are sent to our website. This means that users have full control over the use of cookies. Users can deactivate or restrict the transmission of cookies by changing their web browser settings. Any cookies already stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for our website, it may no longer be possible to use all the website’s functions in full.

VI. Contact form and e-mail contact

1. Description and scope of data processing
The ESKP website contains a contact form that can be used to contact the ESKP electronically. If a user makes use of this function, the data entered into the form is sent to ESKP and stored. If you wish to use this contact form, we need your name and e-mail address. Other information such as telephone numbers can be provided, but this is not essential.

The following additional data is stored at the time you send us your message:

- see IV. 1. Information in the web server’s log files

Alternatively, you can contact us using the e-mail address provided. In this case, the personal data transmitted with the user’s e-mail is stored.

Data collected in this context is not forwarded to any third parties. It is used solely to process the correspondence.

2. Legal basis for data processing
Art. 6 no. 1 lit. a GDPR serves as the legal basis for processing data when the user’s consent has been obtained. The legal basis for processing data transmitted when sending an e-mail is Art. 6 par. 1 lit. f GDPR. If an e-mail is sent with the intention of concluding a contract, Art. 6 no. 1 lit. b GDPR constitutes an additional legal basis for the processing of this data.

3. Purpose of data processing
Personal data entered into the input mask is processed solely for the purpose of dealing with the correspondence with the user. This also constitutes the necessary legitimate interest in processing the data collected when contact is made by e-mail.

The other personal data processed during the transmission process (see IV. 1. Information in the web server’s log files) serves to prevent improper use of the contact form and safeguard the security of the information technology systems.

4. Storage period
The data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of personal data entered into the contact form's input mask and personal data sent by e-mail, this is the case when the correspondence with the user is terminated. The correspondence is deemed to have been terminated when it can be inferred from the circumstances that the facts in question have been clarified once and for all.

5. Right to object and right to erasure
The user has the right to withdraw his/her consent to the processing of personal data at any time. If the user contacts us by e-mail, he/she can object to the storage of his/her personal data at any time. It will no longer be possible to continue the correspondence in such a case.

In this instance, all personal data stored during the correspondence will be erased.

VII. Web analysis by Matomo (formerly PIWIK)

1. Scope of personal data processing

ESKP uses the open source software tool Matomo (formerly PIWIK) to analyse the browsing behaviour of its website users. The software stores a cookie on the user’s computer (see above for information about cookies). The following data is stored whenever individual pages on the website are accessed:

  1. Two bytes of the IP address of the user's accessing system
  2. The web page accessed
  3. The website from which the user reached the web page accessed (referrer)
  4. The sub pages retrieved from the main web page
  5. The time spent on the web page
  6. The frequency with which the web page is accessed

The software runs solely on the website servers. This is the only place where the user's personal data is stored. This data is not forwarded to any third party.

The software is configured in such a way as to prevent IP addresses from being stored in full; instead, 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). This ensures that the truncated IP address can no longer be identified with the accessing computer. “Do not track” is also taken into account if the browser sends this.

2. Legal basis for the processing of personal data
The legal basis for the processing of the user’s personal data is Art. 6 no. 1 lit. f GDPR.

3. Purpose of data processing
Processing personal data enables us to analyse the browsing behaviour of our users. Evaluations of the data collected allow the GFZ to compile information about the use of individual components on the website. This helps us to continue improving our website and make it more user-friendly. These purposes also constitute our legitimate interest in processing the data pursuant to Art. 6 no. 1 lit. f GDPR. The user’s interest in the protection of his/her personal data is duly taken into account by anonymising the IP address.

4. Storage period
The data is erased as soon as we no longer need it for recording purposes.

5. Right to object and right to erasure
Cookies are stored on the user's computer, from where they are sent to our website. This means that users have full control over the use of cookies. Users can deactivate or restrict the transmission of cookies by changing their web browser settings. Any cookies already stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for the ESKP website, it may no longer be possible to use all the website’s functions in full.

Detailed information about Matomo's privacy settings is available at the following link: https://matomo.org/docs/privacy

VIII. Rights of the data subject

Whenever personal data is processed, the data subject defined in GDPR has rights vis-à-vis the data controller. For details see here

Please select whether you want to allow a website analysis. This helps to improve our offer.